Merge pull request #369 from TheophileDiot/dev

Advancements in the examples migration to 1.5

examples/drupal/autoconf.yml

@@ -21,28 +21,9 @@ services:
       - bunkerweb.LIMIT_REQ_URL_1=/core/install.php
       - bunkerweb.LIMIT_REQ_RATE_1=5r/s
       - |
-        bunkerweb.CUSTOM_CONF_MODSEC_CRS_drupal=
-        SecAction \
-         "id:900130,\
-          phase:1,\
-          nolog,\
-          pass,\
-          t:none,\
-          setvar:tx.crs_exclusions_drupal=1"
+        CUSTOM_CONF_MODSEC_CRS_drupal=SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"
 
-  mydb:
-    image: mariadb
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    volumes:
-      - ./db-data:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=drupaldb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
+  # For the database, you can refer to the example of the autoconf including a database
 
 networks:
   bw-services:

examples/joomla/autoconf.yml

@@ -24,19 +24,7 @@ services:
       - bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
       - bunkerweb.LIMIT_REQ_RATE_2=8r/s
 
-  mydb:
-    image: mariadb
-    volumes:
-      - ./db-data:/var/lib/mysql
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=joomla_db
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
+  # For the database, you can refer to the example of the autoconf including a database
 
 networks:
   bw-services:

examples/load-balancer/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3"
 
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,9 +13,10 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data # contains upstreams definition at http context
+      - bw-data:/data # contains upstreams definition at http context
     environment:
       - SERVER_NAME=www.example.com # replace with your domain
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
       - SERVE_FILES=no
       - DISABLE_DEFAULT_SERVER=yes
       - AUTO_LETS_ENCRYPT=yes
@@ -31,15 +32,57 @@ services:
           server app2:80;
           server app3:80;
         }
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      - DOCKER_HOST=tcp://docker-proxy:2375
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   app1:
     image: tutum/hello-world
+    networks:
+      - bw-services
 
   app2:
     image: tutum/hello-world
+    networks:
+      - bw-services
 
   app3:
     image: tutum/hello-world
+    networks:
+      - bw-services
 
 volumes:
-  bw_data:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/magento/autoconf.yml

@@ -43,19 +43,7 @@ services:
     volumes:
       - ./elasticsearch-data:/bitnami/elasticsearch/data
 
-  mydb:
-    image: mariadb:10.2
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    volumes:
-      - ./db-data:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=magentodb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
+  # For the database, you can refer to the example of the autoconf including a database
 
 networks:
   bw-services:

examples/magento/cleanup-kubernetes.sh

@@ -1,11 +1,6 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm delete magento
 kubectl delete pvc data-magento-elasticsearch-data-0
 kubectl delete pvc data-magento-elasticsearch-master-0
-kubectl delete pvc data-magento-mariadb-0
+kubectl delete pvc data-magento-mariadb-0

examples/magento/docker-compose.yml

@@ -1,8 +1,12 @@
 version: "3"
 
+x-bunkerweb-env:
+  &bunkerweb-env
+  DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
+
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,22 +17,47 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
-      - SERVER_NAME=www.example.com # replace with your domain
-      - SERVE_FILES=no
-      - DISABLE_DEFAULT_SERVER=yes
-      - AUTO_LETS_ENCRYPT=yes
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - USE_REVERSE_PROXY=yes
-      - REVERSE_PROXY_URL=/
-      - REVERSE_PROXY_HOST=http://mymagento:8080
-      - |
-        CUSTOM_CONF_SERVER_HTTP_magento=
-        proxy_busy_buffers_size 512k;
-        proxy_buffers 4 512k;
-        proxy_buffer_size 256k;
+      <<: *bunkerweb-env
+      SERVER_NAME: "www.example.com" # replace with your domain
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      SERVE_FILES: "no"
+      DISABLE_DEFAULT_SERVER: "yes"
+      AUTO_LETS_ENCRYPT: "yes"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+      REVERSE_PROXY_URL: "/"
+      REVERSE_PROXY_HOST: "http://mymagento:8080"
+      CUSTOM_CONF_SERVER_HTTP_magento: "proxy_busy_buffers_size 512k;proxy_buffers 4 512k;proxy_buffer_size 256k;"
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      <<: *bunkerweb-env
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   mymagento:
     image: bitnami/magento:2
@@ -42,10 +71,12 @@ services:
       - MAGENTO_ENABLE_HTTPS=yes
       - MAGENTO_ENABLE_ADMIN_HTTPS=yes
       - MAGENTO_DATABASE_HOST=mydb
-      - MAGENTO_DATABASE_NAME=magentodb
-      - MAGENTO_DATABASE_USER=user
-      - MAGENTO_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+      - MAGENTO_DATABASE_NAME=${MAGENTO_DATABASE:-magentodb}
+      - MAGENTO_DATABASE_USER=${MAGENTO_USER:-user}
+      - MAGENTO_DATABASE_PASSWORD=${MAGENTO_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
       - ELASTICSEARCH_HOST=myelasticsearch
+    networks:
+      - bw-services
 
   myelasticsearch:
     image: bitnami/elasticsearch:7
@@ -53,13 +84,30 @@ services:
     # see setup-docker.sh
     volumes:
       - ./elasticsearch-data:/bitnami/elasticsearch/data
+    networks:
+      - bw-services
 
   mydb:
     image: mariadb:10.2
     volumes:
-      - ./db-data:/var/lib/mysql
+      - db-data:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=magentodb
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+    entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${MAGENTO_USER:-user}\"; CREATE USER \"${MAGENTO_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${MAGENTO_DATABASE:-magentodb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${MAGENTO_DATABASE:-magentodb}.* TO \"${MAGENTO_USER:-user}\"@\"%\" IDENTIFIED BY \"${MAGENTO_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${MAGENTO_USER:-user}\"@\"%\" IDENTIFIED BY \"${MAGENTO_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
+    networks:
+      - bw-universe
+      - bw-services
+
+volumes:
+  bw-data:
+  db-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/magento/setup-kubernetes.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm repo add bitnami https://charts.bitnami.com/bitnami
-helm install -f magento-chart-values.yml magento bitnami/magento
+helm install -f magento-chart-values.yml magento bitnami/magento

examples/magento/tests.json

@@ -3,7 +3,7 @@
   "kinds": ["docker", "autoconf", "swarm", "kubernetes"],
   "timeout": 360,
   "no_copy_container": true,
-  "delay": 180,
+  "delay": 240,
   "tests": [
     {
       "type": "string",

examples/mattermost/autoconf.yml

@@ -63,29 +63,7 @@ services:
       - bunkerweb.LIMIT_REQ_URL_3=^/static/
       - bunkerweb.LIMIT_REQ_RATE_3=10r/s
 
-  postgres:
-    image: postgres:${POSTGRES_IMAGE_TAG}
-    networks:
-      bw-services:
-        aliases:
-          - postgres
-    restart: ${RESTART_POLICY}
-    security_opt:
-      - no-new-privileges:true
-    pids_limit: 100
-    read_only: true
-    tmpfs:
-      - /tmp
-      - /var/run/postgresql
-    volumes:
-      - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
-    environment:
-      # timezone inside container
-      - TZ
-      # necessary Postgres options/variables
-      - POSTGRES_USER
-      - POSTGRES_PASSWORD
-      - POSTGRES_DB
+  # For the postgres database, you can refer to the example of the autoconf including a postgres database
 
 networks:
   bw-services:

examples/mattermost/cleanup-kubernetes.sh

@@ -1,8 +1,3 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm delete mattermost

examples/mattermost/docker-compose.yml

@@ -1,8 +1,12 @@
 version: "3"
 
+x-bunkerweb-env:
+  &bunkerweb-env
+  DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"
+
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,37 +17,66 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
-      - SERVER_NAME=www.example.com # replace with your domain
-      - AUTO_LETS_ENCRYPT=yes
-      - DISABLE_DEFAULT_SERVER=yes
-      - USE_CLIENT_CACHE=yes
-      - SERVE_FILES=no
-      - MAX_CLIENT_SIZE=50m
-      - USE_GZIP=yes
+      <<: *bunkerweb-env
+      SERVER_NAME: "${DOMAIN}" # set your domain name in the .env file, for additional domains, just add them separated by a space
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      AUTO_LETS_ENCRYPT: "yes"
+      DISABLE_DEFAULT_SERVER: "yes"
+      USE_CLIENT_CACHE: "yes"
+      SERVE_FILES: "no"
+      MAX_CLIENT_SIZE: "50m"
+      USE_GZIP: "yes"
       # Methods used to query the api
       # more info at https://api.mattermost.com/
-      - ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT
+      ALLOWED_METHODS: "GET|POST|HEAD|DELETE|PUT"
       # Reverse proxy to Mattermost
       # second endpoint needs websocket enabled
       # more info at https://docs.mattermost.com/install/config-proxy-nginx.html
-      - USE_REVERSE_PROXY=yes
-      - REVERSE_PROXY_INTERCEPT_ERRORS=no
-      - REVERSE_PROXY_URL_1=/
-      - REVERSE_PROXY_HOST_1=http://mattermost:8065
-      - REVERSE_PROXY_URL_2=~ /api/v[0-9]+/(users/)?websocket$$
-      - REVERSE_PROXY_HOST_2=http://mattermost:8065
-      - REVERSE_PROXY_WS_2=yes
+      USE_REVERSE_PROXY: "yes"
+      REVERSE_PROXY_INTERCEPT_ERRORS: "no"
+      REVERSE_PROXY_URL_1: "/"
+      REVERSE_PROXY_HOST_1: "http://mattermost:8065"
+      REVERSE_PROXY_URL_2: "~ /api/v[0-9]+/(users/)?websocket$$"
+      REVERSE_PROXY_HOST_2: "http://mattermost:8065"
+      REVERSE_PROXY_WS_2: "yes"
       # Default limit rate for URLs
-      - LIMIT_REQ_URL_1=/
-      - LIMIT_REQ_RATE_1=3r/s
+      LIMIT_REQ_URL_1: "/"
+      LIMIT_REQ_RATE_1: "3r/s"
       # Limit rate for api endpoints
-      - LIMIT_REQ_URL_2=^/api/
-      - LIMIT_REQ_RATE_2=10r/s
+      LIMIT_REQ_URL_2: "^/api/"
+      LIMIT_REQ_RATE_2: "10r/s"
       # Limit rate for static resources
-      - LIMIT_REQ_URL_3=^/static/
-      - LIMIT_REQ_RATE_3=10r/s
+      LIMIT_REQ_URL_3: "^/static/"
+      LIMIT_REQ_RATE_3: "10r/s"
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      <<: *bunkerweb-env
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   mattermost:
     depends_on:
@@ -77,6 +110,8 @@ services:
       - MM_BLEVESETTINGS_INDEXDIR
       # additional settings
       - MM_SERVICESETTINGS_SITEURL
+    networks:
+      - bw-services
 
   postgres:
     image: postgres:${POSTGRES_IMAGE_TAG}
@@ -90,13 +125,27 @@ services:
       - /var/run/postgresql
     volumes:
       - ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
+      - ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
     environment:
       # timezone inside container
       - TZ
       # necessary Postgres options/variables
       - POSTGRES_USER
       - POSTGRES_PASSWORD
-      - POSTGRES_DB
+      - POSTGRES_MULTIPLE_DATABASES=${POSTGRES_DB},${BUNKERWEB_DATABASE:-bunkerweb}
+    networks:
+      - bw-universe
+      - bw-services
 
 volumes:
-  bw_data:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/mattermost/init-db.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+set -u
+
+function create_user_and_database() {
+	local database=$1
+	echo "  Creating user and database '$database'"
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+	    CREATE USER $database;
+	    CREATE DATABASE $database;
+	    GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
+EOSQL
+}
+
+if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+	echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+	for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+		create_user_and_database $db
+	done
+	echo "Multiple databases created"
+fi

examples/mattermost/setup-kubernetes.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm repo add mattermost https://helm.mattermost.com
 helm install -f mattermost-chart-values.yml mattermost mattermost/mattermost-team-edition

examples/mattermost/tests.json

@@ -2,7 +2,7 @@
   "name": "mattermost",
   "kinds": ["docker", "autoconf", "kubernetes"],
   "timeout": 60,
-  "delay": 60,
+  "delay": 300,
   "tests": [
     {
       "type": "string",

examples/mongo-express/docker-compose.yml

@@ -2,7 +2,7 @@ version: "3"
 
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,9 +13,10 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
       - SERVER_NAME=www.example.com # replace with your domain
+      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
       - SERVE_FILES=no
       - DISABLE_DEFAULT_SERVER=yes
       - AUTO_LETS_ENCRYPT=yes
@@ -27,6 +28,32 @@ services:
       - |
         CUSTOM_CONF_MODSEC_mongo-express=
         SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      - DOCKER_HOST=tcp://docker-proxy:2375
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   mongo:
     image: mongo:latest
@@ -36,6 +63,8 @@ services:
       - MONGO_INITDB_ROOT_USERNAME=root # replace with a less obvious username
       - MONGO_INITDB_ROOT_PASSWORD=toor # replace with a better password
       - MONGO_INITDB_DATABASE=mongo # replace with the database name of your choice
+    networks:
+      - bw-services
 
   mongo-ui:
     image: mongo-express:latest
@@ -48,6 +77,18 @@ services:
     restart: unless-stopped
     depends_on:
       - mongo
+    networks:
+      - bw-services
 
 volumes:
-  bw_data:
+  bw-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/mongo-express/tests.json

@@ -2,6 +2,7 @@
   "name": "mongo-express",
   "kinds": ["docker", "autoconf"],
   "timeout": 60,
+  "delay": 60,
   "no_copy_container": true,
   "tests": [
     {

examples/moodle/autoconf.yml

@@ -18,30 +18,19 @@ services:
       - MOODLE_EMAIL=moodle@example.com # replace with your moodle admin email
       - MOODLE_SITE_NAME=My Moodle # replace with your moodle site name
       - MOODLE_DATABASE_HOST=mydb
-      - MOODLE_DATABASE_NAME=moodle
-      - MOODLE_DATABASE_USER=user
-      - MOODLE_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+      - MOODLE_DATABASE_NAME=${MOODLE_DATABASE:-moodledb}
+      - MOODLE_DATABASE_USER=${MOODLE_USER:-user}
+      - MOODLE_DATABASE_PASSWORD=${MOODLE_PASSWORD:-secret} # replace with a stronger password (must match MYSQL_PASSWORD)
     labels:
       - bunkerweb.SERVER_NAME=www.example.com
       - bunkerweb.USE_REVERSE_PROXY=yes
       - bunkerweb.REVERSE_PROXY_URL=/
       - bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
 
-  mydb:
-    image: mariadb:10.5
-    volumes:
-      - db_data:/var/lib/mysql
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=moodle
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
-      - MARIADB_CHARACTER_SET=utf8mb4
-      - MARIADB_COLLATE=utf8mb4_unicode_ci
+  # For the database, you can refer to the example of the autoconf including a database
+  # In this example, you will need to add the following lines to the mydb service:
+  # - MARIADB_CHARACTER_SET=utf8mb4
+  # - MARIADB_COLLATE=utf8mb4_unicode_ci
 
 networks:
   bw-services:

examples/moodle/cleanup-kubernetes.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm delete moodle
-kubectl delete pvc data-moodle-mariadb-0
+kubectl delete pvc data-moodle-mariadb-0

examples/moodle/docker-compose.yml

@@ -1,8 +1,12 @@
 version: "3"
 
+x-bunkerweb-env:
+  &bunkerweb-env
+  DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
+
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,18 +17,47 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
-      - SERVER_NAME=www.example.com # replace with your domain
-      - AUTO_LETS_ENCRYPT=yes
-      - DISABLE_DEFAULT_SERVER=yes
-      - MAX_CLIENT_SIZE=50m
-      - SERVE_FILES=no
-      - USE_CLIENT_CACHE=yes
-      - USE_GZIP=yes
-      - USE_REVERSE_PROXY=yes
-      - REVERSE_PROXY_URL=/
-      - REVERSE_PROXY_HOST=https://mymoodle:8443
+      <<: *bunkerweb-env
+      SERVER_NAME: "www.example.com" # replace with your domain
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      AUTO_LETS_ENCRYPT: "yes"
+      DISABLE_DEFAULT_SERVER: "yes"
+      MAX_CLIENT_SIZE: "50m"
+      SERVE_FILES: "no"
+      USE_CLIENT_CACHE: "yes"
+      USE_GZIP: "yes"
+      USE_REVERSE_PROXY: "yes"
+      REVERSE_PROXY_URL: "/"
+      REVERSE_PROXY_HOST: "https://mymoodle:8443"
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      <<: *bunkerweb-env
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   mymoodle:
     image: bitnami/moodle:latest
@@ -39,21 +72,33 @@ services:
       - MOODLE_EMAIL=moodle@example.com # replace with your moodle admin email
       - MOODLE_SITE_NAME=My Moodle # replace with your moodle site name
       - MOODLE_DATABASE_HOST=mydb
-      - MOODLE_DATABASE_NAME=moodle
-      - MOODLE_DATABASE_USER=user
-      - MOODLE_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+      - MOODLE_DATABASE_NAME=${MOODLE_DATABASE:-moodledb}
+      - MOODLE_DATABASE_USER=${MOODLE_USER:-user}
+      - MOODLE_DATABASE_PASSWORD=${MOODLE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
+    networks:
+      - bw-services
 
   mydb:
     image: mariadb:10.5
     volumes:
-      - ./db-data:/var/lib/mysql
+      - db-data:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=moodle
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
-      - MARIADB_CHARACTER_SET=utf8mb4
-      - MARIADB_COLLATE=utf8mb4_unicode_ci
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+    entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${MOODLE_USER:-user}\"; CREATE USER \"${MOODLE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${MOODLE_DATABASE:-moodledb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${MOODLE_DATABASE:-moodledb}.* TO \"${MOODLE_USER:-user}\"@\"%\" IDENTIFIED BY \"${MOODLE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${MOODLE_USER:-user}\"@\"%\" IDENTIFIED BY \"${MOODLE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
+    networks:
+      - bw-universe
+      - bw-services
 
 volumes:
-  bw_data:
+  bw-data:
+  db-data:
+
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/moodle/setup-kubernetes.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm repo add bitnami https://charts.bitnami.com/bitnami
-helm install -f moodle-chart-values.yml moodle bitnami/moodle
+helm install -f moodle-chart-values.yml moodle bitnami/moodle

examples/moodle/tests.json

@@ -2,7 +2,7 @@
   "name": "moodle",
   "kinds": ["docker", "autoconf", "swarm", "kubernetes"],
   "timeout": 300,
-  "delay": 180,
+  "delay": 300,
   "tests": [
     {
       "type": "string",

examples/nextcloud/autoconf.yml

@@ -56,20 +56,7 @@ services:
         bunkerweb.CUSTOM_CONF_MODSEC_nextcloud=
         SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
 
-  mydb:
-    image: mariadb
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - ./db-data:/var/lib/mysql
-    networks:
-      bw-services:
-        aliases:
-          - mydb
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=nc
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+  # For the database, you can refer to the example of the autoconf including a database
 
 networks:
   bw-services:

examples/nextcloud/cleanup-kubernetes.sh

@@ -1,8 +1,3 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
-helm delete nextcloud
+helm delete nextcloud

examples/nextcloud/docker-compose.yml

@@ -1,8 +1,12 @@
 version: "3"
 
+x-bunkerweb-env:
+  &bunkerweb-env
+  DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
+
 services:
   mybunker:
-    image: bunkerity/bunkerweb:1.4.3
+    image: bunkerity/bunkerweb:1.5.0
     ports:
       - 80:8080
       - 443:8443
@@ -13,74 +17,113 @@ services:
     # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
     # more info at https://docs.bunkerweb.io
     volumes:
-      - bw_data:/data
+      - bw-data:/data
     environment:
-      - SERVER_NAME=www.example.com # replace with your domain
-      - AUTO_LETS_ENCRYPT=yes
-      - DISABLE_DEFAULT_SERVER=yes
-      - MAX_CLIENT_SIZE=10G
-      - USE_CLIENT_CACHE=yes
-      - SERVE_FILES=no
-      - ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
-      - X_FRAME_OPTIONS=SAMEORIGIN
-      - USE_GZIP=yes
-      - BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444
-      - USE_REVERSE_PROXY=yes
-      - REVERSE_PROXY_URL=/
-      - REVERSE_PROXY_HOST=http://mync
-      - LIMIT_REQ_URL_1=/apps
-      - LIMIT_REQ_RATE_1=5r/s
-      - LIMIT_REQ_URL_2=/apps/text/session/sync
-      - LIMIT_REQ_RATE_2=8r/s
-      - LIMIT_REQ_URL_3=/core/preview
-      - LIMIT_REQ_RATE_3=5r/s
-      - |
-        CUSTOM_CONF_MODSEC_CRS_nextcloud=
+      <<: *bunkerweb-env
+      SERVER_NAME: "www.example.com" # replace with your domain
+      API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
+      AUTO_LETS_ENCRYPT: "yes"
+      DISABLE_DEFAULT_SERVER: "yes"
+      MAX_CLIENT_SIZE: "10G"
+      USE_CLIENT_CACHE: "yes"
+      SERVE_FILES: "no"
+      ALLOWED_METHODS: "GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS"
+      X_FRAME_OPTIONS: "SAMEORIGIN"
+      USE_GZIP: "yes"
+      BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"
+      USE_REVERSE_PROXY: "yes"
+      REVERSE_PROXY_URL: "/"
+      REVERSE_PROXY_HOST: "http://mync"
+      LIMIT_REQ_URL_1: "/apps"
+      LIMIT_REQ_RATE_1: "5r/s"
+      LIMIT_REQ_URL_2: "/apps/text/session/sync"
+      LIMIT_REQ_RATE_2: "8r/s"
+      LIMIT_REQ_URL_3: "/core/preview"
+      LIMIT_REQ_RATE_3: "5r/s"
+      CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
         SecAction \
-         "id:900130,\
+         \"id:900130,\
           phase:1,\
           nolog,\
           pass,\
           t:none,\
-          setvar:tx.crs_exclusions_nextcloud=1"
+          setvar:tx.crs_exclusions_nextcloud=1\"
 
         # WebDAV
         SecAction \
-         "id:900200,\
+         \"id:900200,\
           phase:1,\
           nolog,\
           pass,\
           t:none,\
-          setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'"
-      - |
-        CUSTOM_CONF_MODSEC_nextcloud=
-        SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
+          setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
+      CUSTOM_CONF_MODSEC_nextcloud: "\
+        SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
+    labels:
+      - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
+    networks:
+      - bw-universe
+      - bw-services
+  
+  bw-scheduler:
+    image: bunkerity/bunkerweb-scheduler:1.5.0
+    depends_on:
+      - mybunker
+    environment:
+      <<: *bunkerweb-env
+      DOCKER_HOST: "tcp://docker-proxy:2375"
+    volumes:
+      - bw-data:/data
+    networks:
+      - bw-universe
+      - net-docker
+
+  docker-proxy:
+    image: tecnativa/docker-socket-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - CONTAINERS=1
+    networks:
+      - net-docker
 
   mync:
     image: nextcloud:24-apache
     volumes:
       - ./nc-files:/var/www/html
     environment:
-      - MYSQL_HOST=mydb
-      - MYSQL_DATABASE=nc
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
       - NEXTCLOUD_ADMIN_USER=admin # replace with the admin username
       - NEXTCLOUD_ADMIN_PASSWORD=changeme # replace with a stronger password
       - NEXTCLOUD_TRUSTED_DOMAINS=www.example.com # replace with your domain(s)
       - TRUSTED_PROXIES=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
       - APACHE_DISABLE_REWRITE_IP=1
+      - MYSQL_HOST=mydb
+      - MYSQL_DATABASE=${NEXTCLOUD_DATABASE:-nextclouddb}
+      - MYSQL_USER=${NEXTCLOUD_USER:-user}
+      - MYSQL_PASSWORD=${NEXTCLOUD_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
+    networks:
+      - bw-services
 
   mydb:
-    image: mariadb:10.9
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    image: mariadb:10.5
     volumes:
-      - ./db-data:/var/lib/mysql
+      - db-data:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=nc
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
+      MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+    entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${NEXTCLOUD_USER:-user}\"; CREATE USER \"${NEXTCLOUD_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${NEXTCLOUD_DATABASE:-nextclouddb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${NEXTCLOUD_DATABASE:-nextclouddb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
+    networks:
+      - bw-universe
+      - bw-services
 
 volumes:
-  bw_data:
+  bw-data:
+  db-data:
+
+networks:
+  bw-universe:
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.20.30.0/24
+  bw-services:
+  net-docker:

examples/nextcloud/kubernetes.yml

@@ -7,7 +7,7 @@ metadata:
     bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: "10G"
     bunkerweb.io/www.example.com_ALLOWED_METHODS: "GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS"
     bunkerweb.io/www.example.com_X_FRAME_OPTIONS: "SAMEORIGIN"
-    bunkerweb.io/www.example.com_BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"
+    bunkerweb.io/www.example.com_BAD_BEHAVIOR_STATUS_CODES: "400 401.4.4 405 444"
     bunkerweb.io/www.example.com_LIMIT_REQ_URL_1: "/apps"
     bunkerweb.io/www.example.com_LIMIT_REQ_RATE_1: "5r/s"
     bunkerweb.io/www.example.com_LIMIT_REQ_URL_2: "/apps/text/session/sync"

examples/nextcloud/setup-kubernetes.sh

@@ -1,9 +1,4 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ] ; then
-	echo "❌ Run me as root"
-	exit 1
-fi
-
 helm repo add nextcloud https://nextcloud.github.io/helm/
-helm install -f nextcloud-chart-values.yml nextcloud nextcloud/nextcloud
+helm install -f nextcloud-chart-values.yml nextcloud nextcloud/nextcloud

examples/nextcloud/swarm.yml

@@ -37,22 +37,7 @@ services:
         - bunkerweb.LIMIT_REQ_URL_3=/core/preview
         - bunkerweb.LIMIT_REQ_RATE_3=5r/s
 
-  mydb:
-    image: mariadb:10.9
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - db_data:/var/lib/mysql
-    networks:
-      - bw-services
-    environment:
-      - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
-      - MYSQL_DATABASE=nc
-      - MYSQL_USER=user
-      - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
-    deploy:
-      placement:
-        constraints:
-          - "node.role==worker"
+  # For the database, you can refer to the example of the autoconf in swarm mode including a database
 
 networks:
   bw-services:
@@ -61,4 +46,3 @@ networks:
 
 volumes:
   nc_files:
-  db_data: